!112 Don't change permissions of netrules target

From: @tong_1001 Reviewed-by: @gaoruoshu Signed-off-by: @gaoruoshu
2023-04-14 01:51:49 +00:00 · 2023-04-14 01:51:49 +00:00 · d034ba347e
commit d034ba347e
parent 1eceb965bb a8bcb75f2b
2 changed files with 114 additions and 1 deletions
--- a/backport-Do-not-change-permissions-of-netrules-target.patch
+++ b/backport-Do-not-change-permissions-of-netrules-target.patch
@ -0,0 +1,109 @@
+From 56c88cafd1b3606e814069a79f4ec265fc427c87 Mon Sep 17 00:00:00 2001
+From: James Falcon <james.falcon@canonical.com>
+Date: Thu, 23 Mar 2023 10:21:56 -0500
+Subject: [PATCH] Don't change permissions of netrules target (#2076)
+
+Set permissions if file doesn't exist. Leave them if it does.
+
+LP: #2011783
+
+Co-authored-by: Chad Smith <chad.smith@canonical.com>
+---
+ cloudinit/net/eni.py                      |  4 +++-
+ cloudinit/net/sysconfig.py                |  7 ++++++-
+ tests/unittests/distros/test_netconfig.py | 20 ++++++++++++++++++--
+ 3 files changed, 27 insertions(+), 4 deletions(-)
+
+diff --git a/cloudinit/net/eni.py b/cloudinit/net/eni.py
+index b0ec67b..f6398e3 100644
+--- a/cloudinit/net/eni.py
+++ b/cloudinit/net/eni.py
+@@ -571,7 +571,9 @@ class Renderer(renderer.Renderer):
+             netrules = subp.target_path(target, self.netrules_path)
+             util.ensure_dir(os.path.dirname(netrules))
+             util.write_file(
+-                netrules, self._render_persistent_net(network_state)
+                netrules,
+                content=self._render_persistent_net(network_state),
+                preserve_mode=True,
+             )
+ 
+ 
+diff --git a/cloudinit/net/sysconfig.py b/cloudinit/net/sysconfig.py
+index 07f474d..d22354c 100644
+--- a/cloudinit/net/sysconfig.py
+++ b/cloudinit/net/sysconfig.py
+@@ -1008,7 +1008,12 @@ class Renderer(renderer.Renderer):
+         if self.netrules_path:
+             netrules_content = self._render_persistent_net(network_state)
+             netrules_path = subp.target_path(target, self.netrules_path)
+-            util.write_file(netrules_path, netrules_content, file_mode)
+            util.write_file(
+                netrules_path,
+                content=netrules_content,
+                mode=file_mode,
+                preserve_mode=True,
+            )
+ 
+         sysconfig_path = subp.target_path(target, templates.get("control"))
+         # Distros configuring /etc/sysconfig/network as a file e.g. Centos
+diff --git a/tests/unittests/distros/test_netconfig.py b/tests/unittests/distros/test_netconfig.py
+index a25be48..8760975 100644
+--- a/tests/unittests/distros/test_netconfig.py
+++ b/tests/unittests/distros/test_netconfig.py
+@@ -376,8 +376,16 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
+     def eni_path(self):
+         return "/etc/network/interfaces.d/50-cloud-init.cfg"
+ 
+    def rules_path(self):
+        return "/etc/udev/rules.d/70-persistent-net.rules"
+
+     def _apply_and_verify_eni(
+-        self, apply_fn, config, expected_cfgs=None, bringup=False
+        self,
+        apply_fn,
+        config,
+        expected_cfgs=None,
+        bringup=False,
+        previous_files=(),
+     ):
+         if not expected_cfgs:
+             raise ValueError("expected_cfg must not be None")
+@@ -385,7 +393,11 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
+         tmpd = None
+         with mock.patch("cloudinit.net.eni.available") as m_avail:
+             m_avail.return_value = True
+            path_modes = {}
+             with self.reRooted(tmpd) as tmpd:
+                for previous_path, content, mode in previous_files:
+                    util.write_file(previous_path, content, mode=mode)
+                    path_modes[previous_path] = mode
+                 apply_fn(config, bringup)
+ 
+         results = dir2dict(tmpd)
+@@ -396,17 +408,21 @@ class TestNetCfgDistroUbuntuEni(TestNetCfgDistroBase):
+             print(results[cfgpath])
+             print("----------")
+             self.assertEqual(expected, results[cfgpath])
+-            self.assertEqual(0o644, get_mode(cfgpath, tmpd))
+            self.assertEqual(
+                path_modes.get(cfgpath, 0o644), get_mode(cfgpath, tmpd)
+            )
+ 
+     def test_apply_network_config_eni_ub(self):
+         expected_cfgs = {
+             self.eni_path(): V1_NET_CFG_OUTPUT,
+            self.rules_path(): "",
+         }
+         # ub_distro.apply_network_config(V1_NET_CFG, False)
+         self._apply_and_verify_eni(
+             self.distro.apply_network_config,
+             V1_NET_CFG,
+             expected_cfgs=expected_cfgs.copy(),
+            previous_files=((self.rules_path(), "something", 0o660),),
+         )
+ 
+     def test_apply_network_config_ipv6_ub(self):
+-- 
+2.39.1
+
--- a/cloud-init.spec
+++ b/cloud-init.spec
@ -1,6 +1,6 @@
 Name: cloud-init
 Version: 22.2
-Release: 6
+Release: 7
 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance.
 License: ASL 2.0 or GPLv3
 URL: http://launchpad.net/cloud-init
@ -14,6 +14,7 @@ Patch2: bugfix-sort-requirements.patch
 Patch3: add-variable-to-forbid-tmp-dir.patch
 Patch4: Fix-the-error-level-logs-displayed-for-the-cloud-init-local-service.patch
 Patch5: backport-Fix-permission-of-SSH-host-keys-1971.patch
+Patch6: backport-Do-not-change-permissions-of-netrules-target.patch

 Patch9000:     fix-permission-of-the-private-key.patch

@ -130,6 +131,9 @@ fi
 %exclude /usr/share/doc/*

 %changelog
+* Fri Apr 14 2023 shixuantong <shixuantong1@huawei.com> - 22.2-7
+- Don't change permissions of netrules target
+
 * Tue Mar 14 2023 shixuantong <shixuantong1@huawei.com> - 22.2-6
 - Fix permission of SSH host keys